<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Session\Session;
use Illuminate\Support\Facades\DB;

class adminuser
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        //先判断是否是超级管理员
        $id = session('admin.id');
        //$id =3;
        $result = DB::select("select `a_type` from `admin` where id=" . $id);
        //判断不是超级管理员的进行判断
        if ($result[0]->a_type !== 1) {
            //查询该用户所有的权限
            $list = DB::select("select p.`per_contor`,p.`per_func` 
                    from `permiss` p,`limt` l, `role` r, `userole` u, `admin` a
                    where p.`id` = l.`li_pid` and l.`li_id` = r.`id` and r.`id` = u.`ro_rid` and u.`ro_id` =                     a.`id` and a.`id`=" . $id);
            foreach ($list as $v) {
                $url[] = $v->per_contor . '@' . $v->per_func;//有的权限
            }
            $url;//管理员所有的权限
            $name = \Illuminate\Support\Facades\Route::currentRouteAction();
            $furl = ltrim(strrchr($name, '\\'), '\\');//用户访问的url
            if (!in_array($furl,$url)){
               return back()->with('error','权限不够');
            }
        }

        //获取传来的路由控制器方法
        return $next($request);
    }
}
